<?php
// Load include/conf.php. no_cache(), connect_to_database() and the
// HOST/USER/PASS/DATABASE constants are not defined in this file and are
// presumably provided by that include.
include 'include/conf.php';
no_cache();
// Begin data verification: open the database link that the handlers below pass to mysql_query().
// NOTE(review): the mysql_* extension used throughout this file was removed in PHP 7;
// mysqli or PDO with prepared statements is the supported replacement.
$id_connect = connect_to_database(HOST, USER, PASS, DATABASE);
if (logged("admin")) {
    $sesiune = mysql_real_escape_string($_POST['sesiune']);
    //extract the requested operation type
    if (isset($_POST['op'])) {
        $op = $_POST['op'];
        //######################################################################
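        // Handler "getClienti": returns the names of all accounts with tip_cont='client'
        // as <row label="..."/> elements.
        if ($op == "getClienti") {
            $str = "SELECT nume FROM clienti WHERE tip_cont='client' ORDER BY nume ASC";
            $result = mysql_query($str, $id_connect);
            // Start from an empty string, as the sibling list handlers do, so the append
            // below never touches an undefined variable when the result is empty.
            $continut = "";
            while ($value = mysql_fetch_assoc($result)) {
                // NOTE(review): nume is written into the attribute exactly as stored; a value
                // containing ", < or & would produce malformed XML — confirm whether
                // build_xml_packet2() or the consumer escapes it.
                $continut .= "<row label=\"" . $value['nume'] . "\" />";
            }
            build_xml_packet2($continut);
        }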
        //######################################################################
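        // Handler "getPhones": prints the price tree of client $_POST['nume'] as
        // <rows><marca><model><companie cost="..."/></model></marca></rows>.
        if ($op == "getPhones") {
            if (isset($_POST['nume'])) {
                $nume = mysql_real_escape_string($_POST['nume']);
            } else {
                // NOTE(review): $nume stays undefined if send_error2() returns instead of
                // ending the request — confirm that it terminates.
                send_error2(10);
            }
            $str = "SELECT marca, model, companie, cost FROM credit_clienti WHERE nume='$nume' ORDER BY marca ASC, model ASC, companie ASC";
            $result = mysql_query($str, $id_connect);
            $currentMarca = "";
            $currentModel = "";
            $currentCompanie = "";
            $tagMarcaOpen = false;
            $tagModelOpen = false;
            $continut = "<rows flag=\"1\">\r\n";
            while ($value = mysql_fetch_assoc($result)) {
                $cost = $value['cost'];
                $rowMarca = (string) $value['marca'];
                $rowModel = (string) $value['model'];
                $currentCompanie = $value['companie'];
                // Rows arrive sorted by marca, then model, so a change in either column marks
                // a group boundary. The comparison is a strict string comparison because a
                // loose != treats numeric-looking names such as "100" and "1e2" as equal.
                if (!$tagMarcaOpen || $currentMarca !== $rowMarca) {
                    if ($tagModelOpen) {
                        $continut .= "</model>\r\n";
                    }
                    if ($tagMarcaOpen) {
                        $continut .= "</marca>\r\n";
                    }
                    $currentMarca = $rowMarca;
                    $currentModel = $rowModel;
                    $continut .= "<marca nume=\"$currentMarca\">\r\n";
                    $continut .= "<model nume=\"$currentModel\">\r\n";
                    $tagMarcaOpen = true;
                    $tagModelOpen = true;
                } elseif ($currentModel !== $rowModel) {
                    // Same marca, new model: a model tag is always open at this point.
                    $continut .= "</model>\r\n";
                    $currentModel = $rowModel;
                    $continut .= "<model nume=\"$currentModel\">\r\n";
                }
                // NOTE(review): marca, model, companie and cost are written into attributes
                // as stored, without XML escaping — confirm the data cannot contain ", < or &.
                $continut .= "<companie nume=\"$currentCompanie\" cost=\"$cost\" />\r\n";
            }
            // Close only the tags that were opened, so an empty result is still well-formed
            // (the closing tags used to be emitted unconditionally).
            if ($tagModelOpen) {
                $continut .= "</model>\r\n";
            }
            if ($tagMarcaOpen) {
                $continut .= "</marca>\r\n";
            }
            $continut .= "</rows>";
            echo $continut;
        }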
        //######################################################################
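        // Handler "getModels": prints every row of table model grouped as
        // <rows><marca><model></model></marca></rows>.
        if ($op == "getModels") {
            $str = "SELECT * FROM model ORDER BY marca ASC, model ASC";
            $result = mysql_query($str, $id_connect);
            if (!$result) {
                send_error2(5, $op);
            }
            $currentMarca = "";
            $currentModel = "";
            $tagMarcaOpen = false;
            $tagModelOpen = false;
            $continut = "<rows flag=\"1\">\r\n";
            // The unused $currentCompanie bookkeeping was dropped: nothing in this handler
            // reads it.
            while ($value = mysql_fetch_assoc($result)) {
                $rowMarca = (string) $value['marca'];
                $rowModel = (string) $value['model'];
                // Strict string comparison: a loose != treats numeric-looking names such as
                // "100" and "1e2" as equal and would merge their groups.
                if (!$tagMarcaOpen || $currentMarca !== $rowMarca) {
                    if ($tagModelOpen) {
                        $continut .= "</model>\r\n";
                    }
                    if ($tagMarcaOpen) {
                        $continut .= "</marca>\r\n";
                    }
                    $currentMarca = $rowMarca;
                    $currentModel = $rowModel;
                    // NOTE(review): names are written into attributes without XML escaping —
                    // confirm the stored values cannot contain ", < or &.
                    $continut .= "<marca nume=\"$currentMarca\">\r\n";
                    $continut .= "<model nume=\"$currentModel\">\r\n";
                    $tagMarcaOpen = true;
                    $tagModelOpen = true;
                } elseif ($currentModel !== $rowModel) {
                    // Same marca, new model: a model tag is always open at this point.
                    $continut .= "</model>\r\n";
                    $currentModel = $rowModel;
                    $continut .= "<model nume=\"$currentModel\">\r\n";
                }
            }
            // Close only the tags that were opened, so an empty table is still well-formed
            // (the closing tags used to be emitted unconditionally).
            if ($tagModelOpen) {
                $continut .= "</model>\r\n";
            }
            if ($tagMarcaOpen) {
                $continut .= "</marca>\r\n";
            }
            $continut .= "</rows>";
            echo $continut;
        }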
        //######################################################################
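        // Handler "sendImei": the admin registers an IMEI for a client. The client's price for
        // the marca/model/companie combination is charged against the remaining credit, the
        // record is inserted into coduri and a notification mail is sent.
        if ($op == "sendImei") {
            $nume = mysql_real_escape_string($_POST['nume']);
            $marca = mysql_real_escape_string($_POST['marca']);
            $model = mysql_real_escape_string($_POST['model']);
            $companie = mysql_real_escape_string($_POST['companie']);
            $imei = mysql_real_escape_string($_POST['imei']);
            // Fix: the posted code used to be assigned to a misspelled $unclock, so the $unlock
            // read further down was never set in this block. With the name corrected, a posted
            // code is stored and the record is marked "done" as the code below intends.
            $unlock = mysql_real_escape_string($_POST['unlock']);
            // Fetch the price this client pays for the combination.
            $str = "SELECT cost FROM credit_clienti WHERE nume='$nume' AND marca='$marca' AND model='$model' AND companie='$companie'";
            $result = mysql_query($str, $id_connect);
            $num_result = mysql_num_rows($result);
            if ($num_result != 1) {
                send_error2(5, $op);
            }
            $value = mysql_fetch_assoc($result);
            $cost = $value['cost'];
            // Read the client's remaining credit, language and mail address.
            $str = "SELECT cr_ramas,lang,mail from clienti WHERE nume='$nume'";
            $result = mysql_query($str, $id_connect);
            $value = mysql_fetch_assoc($result);
            $cr_ramas = $value['cr_ramas'];
            $lang = $value['lang'];
            $mail_to = $value['mail'];

            // NOTE(review): the balance check and the UPDATE below are separate statements and
            // no transaction or lock is visible here, so two concurrent requests for the same
            // client could both pass the check — confirm.
            if ($cr_ramas >= $cost) {
                // Reject an IMEI that is already recorded.
                $str = "SELECT unlock_code from coduri WHERE imei='$imei'";
                $result = mysql_query($str, $id_connect);
                $num = mysql_num_rows($result);
                if ($num != 0) {
                    send_error2(4, $op);
                }
                // Charge the client before inserting the record.
                // NOTE(review): $cost was read from credit_clienti and is interpolated unquoted;
                // this is safe only while that column can hold nothing but numbers.
                $str = "UPDATE clienti SET cr_consumat=cr_consumat+$cost, cr_ramas=cr_ramas-$cost WHERE nume='$nume'";
                mysql_query($str, $id_connect);
                write_mysql_log($nume, $op, $str, $id_connect);
                // A record submitted together with its code is complete ("done"); without a
                // code it waits for a later answer and has no data_out yet.
                $data_in = time();
                if ($unlock != "") {
                    $data_out = time() + 600;
                    $status = "done";
                } else {
                    $data_out = "";
                    $status = "wait";
                }
                $str = "INSERT INTO coduri (nume, imei, unlock_code, marca, model, companie, data_in, data_out, cost, status) VALUES ('$nume','$imei','$unlock','$marca','$model','$companie','$data_in','$data_out','$cost','$status')";
                $result = mysql_query($str, $id_connect);
                if (!$result) {
                    send_error2(5, $op);
                } else {
                    // Load the mail texts ($mess) for the client's language, English otherwise.
                    // NOTE(review): $lang comes from clienti.lang and becomes part of an include
                    // path; file_exists() does not confine it to languages/ — confirm the column
                    // can only hold known language codes, or restrict it to an allow-list.
                    if (file_exists('languages/' . $lang . '.php')) {
                        require_once ('languages/' . $lang . '.php');
                    } else {
                        require_once ('languages/en.php');
                    }
                    $data_in = date("d-M-Y  H:i", $data_in);
                    $subject = "SpainGsm Team -- unlock code $unlock";
                    $from = "codigo@imeiserver.es";
                    // NOTE(review): $message is appended to without being initialised in this
                    // block — presumably the language file or conf.php defines it; verify.
                    // The values placed in the HTML body are SQL-escaped, not HTML-escaped.
                    $message .= $mess[1] . "&nbsp;&nbsp;<font color=\"#0066FF\"><b>" . $imei .
                        "</b></font><br>";
                    $message .= $mess[2] . "&nbsp;&nbsp;<font color=\"#FF0000\"><b>" . $unlock .
                        "</b></font><br>";
                    $message .= $mess[3] . "&nbsp;&nbsp;<b>" . $data_in . "</b><br>";
                    $message .= $mess[4] . "&nbsp;&nbsp;<b>" . $companie . "</b><br>";
                    $message .= $mess[5] . "&nbsp;&nbsp;<b>" . $marca . "</b><br>";
                    $message .= $mess[6] . "&nbsp;&nbsp;<b>" . $model . "</b><br>";
                    $mailSend = send_mail($mail_to, $message, $subject, $from, 'Admin');
                    if ($mailSend) {
                        send_confirmation();
                    } else {
                        send_error2(23, $op);
                    }
                }
            } else {
                // Not enough credit left.
                send_error2(11, $op);
            }
        }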
        //######################################################################
        // Handler "scadeCredit": moves $_POST['val'] credits from cr_ramas to cr_consumat for
        // client $_POST['nume'].
        if ($op == "scadeCredit") {
            $nume = mysql_real_escape_string($_POST['nume']);
            $valoare = mysql_real_escape_string($_POST['val']);
            // $valoare is interpolated unquoted below, so this check is what keeps it numeric.
            // NOTE(review): that holds only if check_numar() accepts nothing but numbers and
            // send_error2() ends the request — confirm both.
            if (!check_numar($valoare)) {
                send_error2(13, $op);
            }
            $str = "UPDATE clienti SET cr_consumat=cr_consumat+$valoare, cr_ramas=cr_ramas-$valoare WHERE nume='$nume'";
            $result = mysql_query($str, $id_connect);
            // The statement is logged whether or not it succeeded.
            write_mysql_log($nume, $op, $str, $id_connect);
            if ($result) {
                send_confirmation();
            } else {
                send_error2(5, $op);
            }
        }
        //######################################################################
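        // Handler "getImeiList": lists coduri records, newest first. With $_POST['imei'] set it
        // returns the records whose IMEI contains that text, otherwise those with status 'wait'.
        if ($op == "getImeiList") {
            $str = "SELECT id, nume, marca, model, companie, cost, imei, unlock_code, data_in, data_out, status FROM coduri WHERE";
            if (isset($_POST['imei'])) {
                // Fix: escape the search term like every other handler in this file does; it
                // used to be concatenated into the statement exactly as received. The LIKE
                // wildcards % and _ are left as they are, so they still act as wildcards.
                $imei = mysql_real_escape_string($_POST['imei']);
                $str .= " imei LIKE '%$imei%'";
            } else {
                $str .= " status='wait'";
            }
            $str .= " ORDER BY data_in DESC";
            $result = mysql_query($str, $id_connect);
            // Start from an empty string so the append below never touches an undefined
            // variable and an empty result still yields a string.
            $continut = "";
            $count = 0;
            while ($value = mysql_fetch_assoc($result)) {
                $count += 1;
                // Brand logos are disabled; every row points at icons/null.png.
                $logo = 'null';
                $data_intrare = date("M/d/Y H:i", $value['data_in']);
                if ($value['data_out'] != '') {
                    $data_iesire = date("M/d/Y H:i", $value['data_out']);
                } else {
                    $data_iesire = '';
                }
                // NOTE(review): column values are written into attributes as stored, without
                // XML escaping — confirm whether build_xml_packet2() or the consumer handles it.
                $continut .= "<row count=\"$count\" id=\"".$value['id']."\" nume=\"" . $value['nume'] . "\" marca=\"" .
                    $value['marca'] . "\" model=\"" . $value['model'] . "\" companie=\"" . $value['companie'] .
                    "\" cost=\"" . $value['cost'] . "\" imei=\"" . $value['imei'] . "\" unlock=\"" .
                    $value['unlock_code'] . "\" datain=\"" . $data_intrare . "\" dataout=\"" . $data_iesire .
                    "\" status=\"" . $value['status'] . "\" imagmarca=\"icons/" . $logo . ".png\" />";
            }
            build_xml_packet2($continut);
        }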
        //######################################################################
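        // Handler "sendUnlock": stores the unlock code for an existing coduri record, adjusts
        // the client's credit when the posted cost differs from the recorded one (or refunds
        // it when the code is "unknow"), and mails the result to the client.
        if ($op == "sendUnlock") {
            $record_id = mysql_real_escape_string($_POST['id']);
            $nume = mysql_real_escape_string($_POST['nume']);
            $imei = mysql_real_escape_string($_POST['imei']);
            $unlock = mysql_real_escape_string($_POST['unlock']);
            $cost = mysql_real_escape_string($_POST['cost']);
            if (!check_numar($cost) || ($cost <= 0)) {
                send_error2(13, $op);
            }
            $data_out = time();
            // Fetch the cost that was charged when the record was created.
            $str = "SELECT cost FROM coduri WHERE id='$record_id'";
            $result = mysql_query($str, $id_connect);
            $num_result = mysql_num_rows($result);
            if ($num_result == 0) {
                send_error2(12);
            }
            $value = mysql_fetch_assoc($result);
            $cost2 = $value['cost'];
            // Case: the code is "unknow" — refund the charge and zero the record's cost.
            if (strtolower($unlock) == "unknow") {
                $str = "UPDATE clienti SET cr_consumat=cr_consumat-$cost2, cr_ramas=cr_ramas+$cost2 WHERE nume='$nume'";
                mysql_query($str, $id_connect);
                write_mysql_log($nume,$op."_1",$str,$id_connect);
                $str = "UPDATE coduri SET unlock_code='$unlock', data_out='$data_out', status='done', cost='0' WHERE id='$record_id'";
                mysql_query($str, $id_connect);
            }
            // NOTE(review): after the "unknow" refund above, execution still continues into the
            // price comparison below, so the balance can be adjusted a second time and the
            // record's cost overwritten when the posted cost differs from the stored one —
            // confirm this is intended.
            if ($cost == $cost2) {
                // Same price: only record the code.
                $str = "UPDATE coduri SET unlock_code='$unlock', data_out='$data_out', status='done' WHERE id='$record_id'";
                mysql_query($str, $id_connect);
            } else {
                // Different price: settle the difference with the client, then record the code
                // together with the new cost.
                $diff = $cost2 - $cost;
                $str = "UPDATE clienti SET cr_consumat=cr_consumat-$diff, cr_ramas=cr_ramas+$diff WHERE nume='$nume'";
                mysql_query($str, $id_connect);
                write_mysql_log($nume,$op."_2",$str,$id_connect);
                $str = "UPDATE coduri SET unlock_code='$unlock', data_out='$data_out', status='done', cost='$cost' WHERE id='$record_id'";
                mysql_query($str, $id_connect);
            }
            // Read the record and client details needed for the mail.
            $str = "SELECT coduri.data_in,coduri.marca,coduri.model,coduri.companie,clienti.mail,clienti.lang FROM coduri, clienti WHERE clienti.nume=coduri.nume AND coduri.id='$record_id'";
            $result = mysql_query($str, $id_connect);
            $value = mysql_fetch_assoc($result);
            $lang = $value['lang'];
            $mail_to = $value['mail'];
            $marca = $value['marca'];
            $model = $value['model'];
            $companie = $value['companie'];
            // Fix: the query selects data_in, but the code read a non-existent 'date_in' key
            // into $date_in and then formatted an unset $data_in.
            $data_in = $value['data_in'];
            // Load the mail texts ($mess) for the client's language, English otherwise.
            // NOTE(review): $lang comes from clienti.lang and becomes part of an include path;
            // file_exists() does not confine it to languages/ — confirm the column can only
            // hold known language codes, or restrict it to an allow-list.
            if (file_exists('languages/' . $lang . '.php')) {
                require_once ('languages/' . $lang . '.php');
            } else {
                require_once ('languages/en.php');
            }
            $data_in = date("d-M-Y  H:i", $data_in);
            $subject = "SpainGsm Team -- unlock code $unlock";
            $from = "codigo@imeiserver.es";
            // NOTE(review): $message is appended to without being initialised in this block —
            // presumably the language file or conf.php defines it; verify. The values placed
            // in the HTML body are not HTML-escaped.
            $message .= $mess[1] . "&nbsp;&nbsp;<font color=\"#0066FF\"><b>" . $imei .
                "</b></font><br>";
            $message .= $mess[2] . "&nbsp;&nbsp;<font color=\"#FF0000\"><b>" . $unlock .
                "</b></font><br>";
            $message .= $mess[3] . "&nbsp;&nbsp;<b>" . $data_in . "</b><br>";
            $message .= $mess[4] . "&nbsp;&nbsp;<b>" . $companie . "</b><br>";
            $message .= $mess[5] . "&nbsp;&nbsp;<b>" . $marca . "</b><br>";
            $message .= $mess[6] . "&nbsp;&nbsp;<b>" . $model . "</b><br>";
            $mailSend = send_mail($mail_to, $message, $subject, $from, 'Admin');
            if ($mailSend) {
                send_confirmation();
            } else {
                send_error2(23, $op);
            }
        }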
        //######################################################################
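        // Handler "deleteImei": removes one coduri record (matched by imei and id) and gives
        // its recorded cost back to the owning client.
        if ($op == "deleteImei") {
            $imei = mysql_real_escape_string($_POST['imei']);
            $id = mysql_real_escape_string($_POST['id']);
            // Fetch the owner and the amount that was charged.
            $str = "SELECT nume, cost FROM coduri WHERE imei='$imei' AND id='$id' LIMIT 1";
            $result = mysql_query($str, $id_connect);
            $value = mysql_fetch_assoc($result);
            $nume = $value['nume'];
            $cost = $value['cost'];
            // Delete the record.
            $str = "DELETE FROM coduri WHERE imei='$imei' AND id='$id' LIMIT 1";
            $result = mysql_query($str, $id_connect);
            if (!$result) {
                send_error2(5, $op);
            }
            // Refund the client. Fix: the name was read back from the database, so it has to
            // be escaped again before it goes into a statement; a stored name containing a
            // quote would otherwise break or alter this UPDATE after the record is gone.
            $numeSql = mysql_real_escape_string($nume);
            // NOTE(review): $cost is interpolated unquoted and is empty when the SELECT above
            // matched no row, in which case this UPDATE fails — consider checking for the row
            // before deleting.
            $str = "UPDATE clienti SET cr_ramas=cr_ramas+$cost, cr_consumat=cr_consumat-$cost WHERE nume='$numeSql'";
            $result = mysql_query($str, $id_connect);
            // The logger still receives the name as read from the database.
            write_mysql_log($nume,$op,$str,$id_connect);
            if (!$result) {
                send_error2(5, $op);
            }
            send_confirmation();
        }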
        //######################################################################
        // Handler "getPriceList": returns every row of table credit as numbered <row/> elements.
        if ($op == "getPriceList") {
            $str = "SELECT * FROM credit ORDER BY marca ASC, model ASC, companie ASC";
            $result = mysql_query($str, $id_connect);
            if (!$result) {
                send_error2(5, $op);
            }
            $count = 0;
            $continut = "";
            while ($value = mysql_fetch_assoc($result)) {
                ++$count;
                // NOTE(review): column values go into the attributes without XML escaping —
                // confirm whether build_xml_packet2() or the consumer handles it.
                $continut .= "<row count=\"{$count}\" marca=\"{$value['marca']}\" model=\"{$value['model']}\""
                    . " companie=\"{$value['companie']}\" cost=\"{$value['cost']}\" />";
            }
            build_xml_packet2($continut);
        }
        //######################################################################
        // Handler "getClientCredit": prints "flag=1&total=...&ramas=..." for client
        // $_POST['nume'], or "flag=0" when the query fails, and ends the request.
        if ($op == "getClientCredit") {
            $nume = mysql_real_escape_string($_POST['nume']);
            $str = "SELECT cr_total, cr_ramas FROM clienti WHERE nume='$nume'";
            $result = mysql_query($str, $id_connect);
            if ($result) {
                // A query that matches no client still succeeds, so both values can be empty.
                $value = mysql_fetch_assoc($result);
                $total = $value['cr_total'];
                $ramas = $value['cr_ramas'];
                echo "flag=1&total=" . $total . "&ramas=" . $ramas;
            } else {
                echo "flag=0";
            }
            exit();
        }
        //######################################################################
        // Handler "getPriceListClient": returns the credit_clienti rows of client
        // $_POST['nume'] as numbered <row/> elements.
        if ($op == "getPriceListClient") {
            $nume = mysql_real_escape_string($_POST['nume']);
            $str = "SELECT * FROM credit_clienti WHERE nume='$nume' ORDER BY marca ASC, model ASC, companie ASC";
            $result = mysql_query($str, $id_connect);
            if (!$result) {
                send_error2(5, $op);
            }
            $count = 0;
            $continut = "";
            while ($value = mysql_fetch_assoc($result)) {
                ++$count;
                // NOTE(review): column values go into the attributes without XML escaping —
                // confirm whether build_xml_packet2() or the consumer handles it.
                $continut .= "<row count=\"{$count}\" marca=\"{$value['marca']}\" model=\"{$value['model']}\""
                    . " companie=\"{$value['companie']}\" cost=\"{$value['cost']}\" />";
            }
            build_xml_packet2($continut);
        }
        //######################################################################
        // Handler "updatePrice": sets the default cost of one marca/model/companie combination
        // in table credit.
        if ($op == "updatePrice") {
            $marca = mysql_real_escape_string($_POST['marca']);
            $model = mysql_real_escape_string($_POST['model']);
            $companie = mysql_real_escape_string($_POST['companie']);
            $cost = mysql_real_escape_string($_POST['cost']);
            // Only an unsigned run of digits is accepted as a cost.
            $costIsDigits = preg_match("/^([0-9]+)$/", $cost);
            if (!$costIsDigits) {
                send_error2(13, $op);
            }
            $str = "UPDATE credit SET cost='$cost' WHERE marca='$marca' AND model='$model' AND companie='$companie'";
            $result = mysql_query($str, $id_connect);
            if ($result) {
                send_confirmation();
            } else {
                send_error2(5, $op);
            }
        }
        //######################################################################
        // Handler "updatePriceClient": sets the cost one client pays for a
        // marca/model/companie combination in table credit_clienti.
        if ($op == "updatePriceClient") {
            $nume = mysql_real_escape_string($_POST['nume']);
            $marca = mysql_real_escape_string($_POST['marca']);
            $model = mysql_real_escape_string($_POST['model']);
            $companie = mysql_real_escape_string($_POST['companie']);
            $cost = mysql_real_escape_string($_POST['cost']);
            // Only an unsigned run of digits is accepted as a cost.
            $costIsDigits = preg_match("/^([0-9]+)$/", $cost);
            if (!$costIsDigits) {
                send_error2(13, $op);
            }
            $str = "UPDATE credit_clienti SET cost='$cost' WHERE nume='$nume' AND marca='$marca' AND model='$model' AND companie='$companie'";
            $result = mysql_query($str, $id_connect);
            if ($result) {
                send_confirmation();
            } else {
                send_error2(5, $op);
            }
        }
        //######################################################################
        // Handler "insertMarca": adds a brand to table marca unless it already exists, then
        // returns the refreshed brand list as <row label="..."/> elements.
        if ($op == "insertMarca") {
            $marca = mysql_real_escape_string($_POST['marca']);
            // Refuse a brand that is already present.
            // NOTE(review): the duplicate check protects the INSERT only if send_error2() ends
            // the request — confirm.
            $str = "SELECT marca from marca WHERE marca='$marca'";
            $result = mysql_query($str, $id_connect);
            $num = mysql_num_rows($result);
            if ($num != 0) {
                send_error2(14, $op);
            }
            // Insert the new brand.
            $str = "INSERT INTO marca (marca) VALUES ('$marca')";
            $result = mysql_query($str, $id_connect);
            if (!$result) {
                send_error2(5, $op);
            }
            // Send back the full list so the caller can repopulate its brand selector.
            $str = "SELECT marca from marca ORDER BY marca ASC";
            $result = mysql_query($str, $id_connect);
            $continut = "";
            while ($value = mysql_fetch_assoc($result)) {
                // NOTE(review): the label is written without XML escaping.
                $continut .= sprintf('<row label="%s" />', $value['marca']);
            }
            build_xml_packet2($continut);
        }
        //######################################################################
        // Handler "insertModel": adds a marca/model pair to table model unless it already
        // exists.
        if ($op == "insertModel") {
            $marca = mysql_real_escape_string($_POST['marca']);
            $model = mysql_real_escape_string($_POST['model']);
            // Refuse a pair that is already present.
            // NOTE(review): the duplicate check protects the INSERT only if send_error2() ends
            // the request — confirm.
            $str = "SELECT model from model WHERE marca='$marca' AND model='$model'";
            $result = mysql_query($str, $id_connect);
            $num = mysql_num_rows($result);
            if ($num != 0) {
                send_error2(15, $op);
            }
            $str = "INSERT INTO model (marca, model) VALUES ('$marca','$model')";
            $result = mysql_query($str, $id_connect);
            if ($result) {
                send_confirmation();
            } else {
                send_error2(5, $op);
            }
        }
        //######################################################################
        // Handler "insertCompanie": adds a carrier to table companie unless it already exists,
        // then returns the refreshed list as <row label="..."/> elements.
        if ($op == "insertCompanie") {
            $companie = mysql_real_escape_string($_POST['companie']);
            // Refuse a carrier that is already present.
            // NOTE(review): the duplicate check protects the INSERT only if send_error2() ends
            // the request — confirm.
            $str = "SELECT companie from companie WHERE companie='$companie'";
            $result = mysql_query($str, $id_connect);
            $num = mysql_num_rows($result);
            if ($num != 0) {
                send_error2(16, $op);
            }
            $str = "INSERT INTO companie (companie) VALUES ('$companie')";
            $result = mysql_query($str, $id_connect);
            if ($result) {
                // Send back the new list.
                $str = "SELECT companie FROM companie ORDER BY companie ASC";
                $result = mysql_query($str, $id_connect);
                $continut = "";
                while ($value = mysql_fetch_assoc($result)) {
                    // NOTE(review): the label is written without XML escaping.
                    $continut .= sprintf('<row label="%s" />', $value['companie']);
                }
                build_xml_packet2($continut);
            } else {
                send_error2(5, $op);
            }
        }
        //######################################################################
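        // Handler "insertCredit": adds a default price for a marca/model/companie combination
        // to table credit and copies it into credit_clienti for every existing client.
        if ($op == "insertCredit") {
            $marca = mysql_real_escape_string($_POST['marca']);
            $model = mysql_real_escape_string($_POST['model']);
            $companie = mysql_real_escape_string($_POST['companie']);
            $cost = mysql_real_escape_string($_POST['cost']);
            // NOTE(review): is_numeric() also accepts signed, decimal and exponent forms,
            // while the updatePrice handlers accept digits only — confirm which is intended.
            if (!is_numeric($cost)) {
                send_error2(13, $op);
            }
            // Refuse a combination that is already priced.
            $str = "SELECT marca from credit WHERE marca='$marca' AND model='$model' AND companie='$companie'";
            $result = mysql_query($str, $id_connect);
            $num = mysql_num_rows($result);
            if ($num != 0) {
                send_error2(17, $op);
            }
            $str = "INSERT INTO credit (marca,model,companie,cost) VALUES ('$marca','$model','$companie','$cost')";
            $result = mysql_query($str, $id_connect);
            if (!$result) {
                send_error2(5, $op);
            }
            // Copy the new price to every existing client.
            $str = "SELECT nume FROM clienti WHERE tip_cont='client'";
            $result = mysql_query($str, $id_connect);
            while ($value = mysql_fetch_assoc($result)) {
                // Fix: the name comes back from the database unescaped, so escape it again
                // before it is placed in a statement; a stored name containing a quote used to
                // break or alter this INSERT.
                $nume = mysql_real_escape_string($value['nume']);
                $str = "INSERT INTO credit_clienti (nume,marca,model,companie,cost) VALUES ('$nume','$marca','$model','$companie','$cost')";
                // The result of each per-client INSERT is not checked.
                mysql_query($str, $id_connect);
            }
            send_confirmation();
        }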
        //######################################################################
        // Handler "getMarca": returns all brands from table marca as <row label="..."/>
        // elements, sorted by name.
        if ($op == "getMarca") {
            $str = "SELECT marca from marca ORDER BY marca ASC";
            $result = mysql_query($str, $id_connect);
            $continut = "";
            while ($value = mysql_fetch_assoc($result)) {
                // Build the XML body. NOTE(review): the label is written without XML escaping.
                $continut .= sprintf('<row label="%s" />', $value['marca']);
            }
            // Send the list back to the caller.
            build_xml_packet2($continut);
        }
        //######################################################################
        // Handler "getCompanie": returns all carriers from table companie as
        // <row label="..."/> elements, sorted by name.
        if ($op == "getCompanie") {
            $str = "SELECT companie FROM companie ORDER BY companie ASC";
            $result = mysql_query($str, $id_connect);
            $continut = "";
            while ($value = mysql_fetch_assoc($result)) {
                // NOTE(review): the label is written without XML escaping.
                $continut .= sprintf('<row label="%s" />', $value['companie']);
            }
            build_xml_packet2($continut);
        }
        //######################################################################
        // Handler "getClienti2": lists client accounts, optionally filtered by a name
        // fragment in $_POST['nume'], with contact data and credit totals.
        if ($op == "getClienti2") {
            $nume = mysql_real_escape_string($_POST['nume']);
            // The account-type condition always applies; the name filter is optional.
            $str = "SELECT * FROM clienti WHERE tip_cont = 'client'";
            if ($nume != '') {
                $str .= " AND nume LIKE '%$nume%'";
            }
            $str .= " ORDER BY nume ASC";
            $result = mysql_query($str, $id_connect);
            $num = mysql_num_rows($result);
            $count = 0;
            $continut = "";
            while ($value = mysql_fetch_assoc($result)) {
                $count++;
                // NOTE(review): the parola column is sent back verbatim, so passwords are kept
                // in a recoverable form and leave the server in every listing; storing
                // password_hash() output and dropping this attribute would avoid that.
                // Column values are also written without XML escaping.
                $continut .= "<row count=\"{$count}\" nume=\"{$value['nume']}\" parola=\"{$value['parola']}\""
                    . " mail=\"{$value['mail']}\" phone=\"{$value['phone']}\""
                    . " total=\"{$value['cr_total']}\" consumat=\"{$value['cr_consumat']}\""
                    . " ramas=\"{$value['cr_ramas']}\" />";
            }
            build_xml_packet2($continut);
        }
        //########################################################################
        // Handler "updateClienti": overwrites password, mail and phone of client
        // $_POST['nume']. All four inputs are expected to be strings.
        if ($op == "updateClienti") {
            $nume = mysql_real_escape_string($_POST['nume']);
            $parola = mysql_real_escape_string($_POST['parola']);
            $mail = mysql_real_escape_string($_POST['mail']);
            $phone = mysql_real_escape_string($_POST['phone']);
            // NOTE(review): parola is stored exactly as posted (only SQL-escaped), i.e. not
            // hashed; mail is not format-checked here.
            $str = "UPDATE clienti SET parola='$parola', mail='$mail', phone='$phone' WHERE nume='$nume'";
            $result = mysql_query($str, $id_connect);
            if (!$result) {
                // NOTE(review): the confirmation below is still sent after an error unless
                // send_error2() ends the request — confirm.
                send_error2(5, $op);
            }
            send_confirmation();
        }
        //######################################################################
        // Handler "deleteClient": removes client $_POST['nume'] from clienti and then that
        // client's price rows from credit_clienti.
        if ($op == "deleteClient") {
            $nume = mysql_real_escape_string($_POST['nume']);
            // The two deletes run in this order, each checked on its own; no transaction is
            // visible here, so a failure of the second leaves the first applied.
            $stergeri = array(
                "DELETE FROM clienti WHERE nume='$nume'",
                "DELETE FROM credit_clienti WHERE nume='$nume'",
            );
            foreach ($stergeri as $str) {
                $result = mysql_query($str, $id_connect);
                if (!$result) {
                    send_error2(5, $op);
                }
            }
            send_confirmation();
        }
        //######################################################################
        // Handler "deleteCredit": removes a marca/model/companie price from credit and then
        // from every client's rows in credit_clienti.
        if ($op == "deleteCredit") {
            $marca = mysql_real_escape_string($_POST['marca']);
            $model = mysql_real_escape_string($_POST['model']);
            $companie = mysql_real_escape_string($_POST['companie']);
            // The two deletes run in this order, each checked on its own; no transaction is
            // visible here, so a failure of the second leaves the first applied.
            $stergeri = array(
                "DELETE FROM credit WHERE marca='$marca' AND model='$model' AND companie='$companie'",
                "DELETE FROM credit_clienti WHERE marca='$marca' AND model='$model' AND companie='$companie'",
            );
            foreach ($stergeri as $str) {
                $result = mysql_query($str, $id_connect);
                if (!$result) {
                    send_error2(5, $op);
                }
            }
            send_confirmation();
        }
        //######################################################################
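        // Operation "insertClient": create a client row, copy every row of credit
        // into credit_clienti for the new client, record the initial credit in
        // plati, then answer with the full client list as XML <row> elements.
        if ($op == "insertClient") {
            // Request fields, escaped for use inside single-quoted SQL literals.
            $nume = mysql_real_escape_string($_POST['nume']);
            $parola = mysql_real_escape_string($_POST['parola']);
            $mail = mysql_real_escape_string($_POST['mail']);
            $phone = mysql_real_escape_string($_POST['phone']);
            $credit = mysql_real_escape_string($_POST['credit']);
            $comment = mysql_real_escape_string($_POST['comment']);
            // Check that the client does not already exist.
            $str = "SELECT nume FROM clienti WHERE nume='$nume'";
            $result = mysql_query($str, $id_connect);
            if (!$result) {
                // A failed lookup must not be read as "no such client".
                send_error2(5, $op);
            }
            $num = mysql_num_rows($result);
            if ($num != 0) {
                send_error2(18, $op);
            }
            // Check mail format.
            if (!checkEmail($mail)) {
                send_error2(19, $op);
            }
            if (!check_numar($credit)) {
                send_error2(13, $op);
            }
            // NOTE(review): the password is stored exactly as submitted and is
            // sent back in the `parola` attribute of the list below. Hashing it
            // (password_hash / password_verify) needs a matching change in the
            // login code, which is not part of this block, so it is flagged here
            // rather than changed.
            // cr_consumat is not in the column list, so it takes the column default.
            $str = "INSERT INTO clienti (nume, parola, mail, phone, cr_total, cr_ramas) VALUES ('$nume','$parola','$mail','$phone','$credit','$credit')";
            $result = mysql_query($str, $id_connect);
            if (!$result) {
                send_error2(5, $op);
            }
            // Copy the default credit rows into credit_clienti for this client.
            $str = "SELECT * FROM credit ORDER BY marca ASC";
            $result = mysql_query($str, $id_connect);
            if (!$result) {
                send_error2(5, $op);
            }
            while ($value = mysql_fetch_assoc($result)) {
                // Values read back from the database are raw again; escape them
                // before they go into a new statement, otherwise a stored quote
                // breaks or alters the INSERT.
                $marca = mysql_real_escape_string($value['marca']);
                $model = mysql_real_escape_string($value['model']);
                $companie = mysql_real_escape_string($value['companie']);
                $default_cost = mysql_real_escape_string($value['cost']);
                $str = "INSERT INTO credit_clienti (nume, marca, model, companie, cost) VALUES ('$nume','$marca','$model','$companie', '$default_cost')";
                // $result still drives the loop, so the outcome is tested without
                // assigning it.
                if (!mysql_query($str, $id_connect)) {
                    send_error2(5, $op);
                }
            }
            // Record the initial credit and the comment in plati.
            $data_plata = time();
            $str = "INSERT INTO plati (nume,data_plata,data_estimata,comentariu,suma) VALUES ('$nume','$data_plata',' ','$comment','$credit')";
            $result = mysql_query($str, $id_connect);
            if (!$result) {
                send_error2(5, $op);
            }
            // Return the list of clients.
            $str = "SELECT * FROM clienti WHERE tip_cont = 'client' ORDER BY nume ASC";
            $result = mysql_query($str, $id_connect);
            if (!$result) {
                send_error2(5, $op);
            }
            $num = mysql_num_rows($result);
            $continut = "";
            $count = 0;
            while ($value = mysql_fetch_assoc($result)) {
                // Build the XML body.
                // NOTE(review): the column values are written into attributes
                // without XML escaping, so a stored '"', '<' or '&' produces a
                // malformed or altered document. The right escaping call depends
                // on the data's character set, which this block does not show.
                $count++;
                $continut .= "<row count=\"" . $count . "\" nume=\"" . $value['nume'] . "\" parola=\"" .
                    $value['parola'] . "\" mail=\"" . $value['mail'] . "\" phone=\"" . $value['phone'] .
                    "\" total=\"" . $value['cr_total'] . "\" consumat=\"" . $value['cr_consumat'] .
                    "\" ramas=\"" . $value['cr_ramas'] . "\" />";
            }
            build_xml_packet2($continut);
        }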
        //######################################################################
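        // Operation "getPlati": return rows of plati as XML <row> elements.
        // POST `nume` is a client name, or the literal "all" for every client.
        // POST `pp` equal to 'true' keeps only rows whose data_estimata is set and
        // does not yet contain '#' (the marker the "plataCredit" operation appends).
        if ($op == "getPlati") {
            $nume = mysql_real_escape_string($_POST['nume']);
            $pp = mysql_real_escape_string($_POST['pp']);
            $numBool = ($nume == "all");
            $ppBool = ($pp == 'true');
            if ($numBool && $ppBool) {
                // nume all, pp true
                $str = "SELECT * FROM plati WHERE data_estimata not like '%#%' and data_estimata<>' ' ORDER BY data_plata DESC";
            } elseif ($numBool) {
                // nume all, pp false: only this variant is capped at 100 rows
                $str = " SELECT * from plati ORDER BY data_plata DESC LIMIT 100";
            } elseif ($ppBool) {
                // nume not all, pp true
                $str = " SELECT * from plati WHERE (data_estimata not like '%#%' and data_estimata<>' ') AND nume='$nume' ORDER BY data_plata DESC";
            } else {
                // nume not all, pp false
                $str = " SELECT * from plati WHERE nume='$nume' ORDER BY data_plata DESC";
            }
            $result = mysql_query($str, $id_connect);
            if (!$result) {
                // Same code the write operations send on a failed query.
                send_error2(5, $op);
            }
            // Start from an empty body instead of appending to an unset variable.
            $continut = "";
            $count = 0;
            while ($value = mysql_fetch_assoc($result)) {
                $count++;
                $data_plata = date("d-M-y H:i", $value['data_plata']);
                // The call to htmlentities() was missing its opening parenthesis,
                // which is a parse error for the whole script.
                // NOTE(review): only comentariu is escaped; nume and data_estimata
                // are also free text and reach the attributes as stored.
                // htmlentities() can emit named HTML entities that a plain XML
                // parser does not define — confirm what the client expects.
                $continut .= "<row count=\"" . $count . "\" userId=\"" . $value['id'] . "\" nume=\"" .
                    $value['nume'] . "\" info=\"" . htmlentities($value['comentariu']) . "\" amount=\"" . $value['suma'] .
                    "\" data=\"" . $data_plata . "\" data_estimata=\"" . $value['data_estimata'] . "\" t=\"" . $value['T'] . "\" r=\"" . $value['R'] . "\" c=\"" . $value['C'] . "\" />";
            }
            build_xml_packet2($continut);
        }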
        //######################################################################
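        // Operation "updateCredit": add an amount to a client's cr_total and
        // cr_ramas, log the statement, and record the payment in plati together
        // with the credit figures returned by write_mysql_log().
        if ($op == "updateCredit") {
            $nume = mysql_real_escape_string($_POST['nume']);
            $valoare = mysql_real_escape_string($_POST['credit']);
            $comentariu = mysql_real_escape_string($_POST['comment']);
            // $valoare is placed in the UPDATE below outside any quotes, where
            // mysql_real_escape_string() gives no protection, so only a plain
            // number may pass. is_numeric() backs up check_numar(), whose rules
            // are defined outside this block.
            // NOTE(review): this relies on send_error2() being terminal — confirm.
            if (!check_numar($valoare) || !is_numeric($valoare)) {
                send_error2(13, $op);
            }
            $str = "UPDATE clienti SET cr_total=cr_total+$valoare, cr_ramas=cr_ramas+$valoare WHERE nume='$nume'";
            $result = mysql_query($str, $id_connect);
            // Write the mysql log. This runs before the result check, so a failed
            // UPDATE is passed to the log as well.
            $credit = write_mysql_log($nume,$op,$str,$id_connect);
            if (!$result) {
                send_error2(5, $op);
            }
            // Latest credit figures, as returned by write_mysql_log().
            $total = $credit['cr_total'];
            $ramas = $credit['cr_ramas'];
            $consumat = $credit['cr_consumat'];
            // Insert into plati.
            $withPP = mysql_real_escape_string($_POST['withPP']);
            $dataEstimata = mysql_real_escape_string($_POST['dataEstimata']);
            if ($withPP == 'false') {
                // A single space is this script's "no estimated date" value; the
                // getPlati queries filter on data_estimata<>' '.
                $dataEstimata = " ";
            }
            $data_plata = time();
            $str = "INSERT INTO plati (nume,data_plata,data_estimata,comentariu,suma,T,R,C) VALUES ('$nume','$data_plata','$dataEstimata','$comentariu','$valoare','$total','$ramas','$consumat')";
            $result = mysql_query($str, $id_connect);
            if (!$result) {
                send_error2(5, $op);
            }
            send_confirmation();
        }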
        //######################################################################
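        // Operation "plataCredit": append "#" and today's date (m/d/Y) to the
        // data_estimata of one plati row, selected by POST `id`, and return the
        // new value in a <row res="..."> element.
        if ($op == "plataCredit") {
            $id = mysql_real_escape_string($_POST['id']);
            // Fetch the current estimated date.
            $str = "SELECT data_estimata FROM plati WHERE id='$id'";
            $result = mysql_query($str, $id_connect);
            if (!$result) {
                send_error2(5, $op);
            }
            // NOTE(review): when no row matches `id`, $value is false; the UPDATE
            // then changes nothing and the response carries only "#<date>".
            $value = mysql_fetch_assoc($result);
            $dataEstimata = $value['data_estimata'];
            $currentData = date('m/d/Y', time());
            $dataEstimata = $dataEstimata . "#" . $currentData;
            // The stored value comes back from the database raw, so it is escaped
            // again before being written into the UPDATE. The unescaped copy is
            // kept for the response.
            $dataEstimataSql = mysql_real_escape_string($dataEstimata);
            $str = "UPDATE plati SET data_estimata='$dataEstimataSql' WHERE id='$id'";
            if (!mysql_query($str, $id_connect)) {
                // Do not report a new value that was never stored.
                send_error2(5, $op);
            }
            // Response to the caller.
            // NOTE(review): res is written without XML escaping; data_estimata
            // originates from a request field in the "updateCredit" operation.
            $continut = "<row res=\"$dataEstimata\" />";
            build_xml_packet2($continut);
        }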
        //############################################################################################################################################
    } else {
        send_error2(10, "DATA control");
    }
} else {
    send_error2(6, "AUTH error");
}
?>
